/*
- * "$Id: auth.c 6722 2007-07-25 17:19:09Z mike $"
+ * "$Id: auth.c 6779 2007-08-08 19:49:48Z mike $"
*
* Authentication functions for the Common UNIX Printing System (CUPS).
*
- * Copyright 2007 by Apple Inc.
+ * Copyright 2007-2008 by Apple Inc.
* Copyright 1997-2007 by Easy Software Products.
*
* This file contains Kerberos support code, copyright 2006 by
/*
* 'cupsDoAuthentication()' - Authenticate a request.
*
- * This function should be called in response to a HTTP_UNAUTHORIZED
+ * This function should be called in response to a @code HTTP_UNAUTHORIZED@
* status, prior to resubmitting your request.
*
* @since CUPS 1.1.20@
int /* O - 0 on success, -1 on error */
cupsDoAuthentication(http_t *http, /* I - HTTP connection to server */
- const char *method,/* I - Request method (GET, POST, PUT) */
+ const char *method,/* I - Request method ("GET", "POST", "PUT") */
const char *resource)
/* I - Resource path */
{
const char *password; /* Password string */
char prompt[1024], /* Prompt for user */
realm[HTTP_MAX_VALUE], /* realm="xyz" string */
- nonce[HTTP_MAX_VALUE], /* nonce="xyz" string */
- encode[2048]; /* Encoded username:password */
+ nonce[HTTP_MAX_VALUE]; /* nonce="xyz" string */
int localauth; /* Local authentication result */
_cups_globals_t *cg; /* Global data */
{
# ifdef DEBUG
DEBUG_gss_printf(major_status, minor_status,
- "Unable to initialise security context");
+ "Unable to initialize security context");
# endif /* DEBUG */
return (-1);
}
if (major_status == GSS_S_CONTINUE_NEEDED)
DEBUG_gss_printf(major_status, minor_status, "Continuation needed!");
- if (output_token.length)
+ if (output_token.length > 0 && output_token.length <= 65536)
{
- httpEncode64_2(encode, sizeof(encode), output_token.value,
+ /*
+ * Allocate the authorization string since Windows KDCs can have
+ * arbitrarily large credentials...
+ */
+
+ int authsize = 10 + /* "Negotiate " */
+ output_token.length * 4 / 3 + 1 + /* Base64 */
+ 1; /* nul */
+
+ httpSetAuthString(http, NULL, NULL);
+
+ if ((http->authstring = malloc(authsize)) == NULL)
+ {
+ http->authstring = http->_authstring;
+ authsize = sizeof(http->_authstring);
+ }
+
+ strcpy(http->authstring, "Negotiate ");
+ httpEncode64_2(http->authstring + 10, authsize - 10, output_token.value,
output_token.length);
- httpSetAuthString(http, "Negotiate", encode);
major_status = gss_release_buffer(&minor_status, &output_token);
}
+ else
+ {
+ DEBUG_printf(("cupsDoAuthentication: Kerberos credentials too large - "
+ "%d bytes!\n", output_token.length));
+
+ major_status = gss_release_buffer(&minor_status, &output_token);
+
+ return (-1);
+ }
#endif /* HAVE_GSSAPI */
}
else if (strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Digest", 6))
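Review bot: The `authsize` computation undersizes the Base64 buffer whenever `output_token.length` is not a multiple of 3, because `output_token.length * 4 / 3 + 1` rounds down while Base64 emits 4 characters for every started 3-byte group, leaving the buffer up to two bytes short. Assuming httpEncode64_2() honours the size it is passed, the result is a truncated Negotiate token rather than an overflow; `4 * ((output_token.length + 2) / 3) + /* Base64 */` followed by the `1` for the nul gives the exact size. The malloc-failure path truncates far more, since falling back to `http->_authstring` with `authsize = sizeof(http->_authstring)` silently sends a cut-off credential; calling gss_release_buffer() and returning -1 there would fail cleanly. The else branch also reports a zero-length token as "too large" and prints the `output_token.length` value with `%d`, which needs an `(int)` cast if the field is a size_t. cupsDoAuthentication() starts and ends outside this hunk.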
* Basic authentication...
*/
+ char encode[256]; /* Base64 buffer */
+
+
httpEncode64_2(encode, sizeof(encode), http->userpass,
(int)strlen(http->userpass));
httpSetAuthString(http, "Basic", encode);
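Review bot: The new `encode[256]` in the Basic branch holds the Base64 form of at most 189 input bytes, whereas the function-level `encode[2048]` it replaces had room for far more. The declared size of `http->userpass` is not visible here; if it can exceed 189 bytes, httpEncode64_2() would presumably truncate the output and authentication would fail with no diagnostic. A guard before the encode call makes the limit explicit: `if (strlen(http->userpass) > (sizeof(encode) - 1) / 4 * 3) return (-1);`. The enclosing block begins and ends outside the hunk.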
* Digest authentication...
*/
- char digest[1024]; /* Digest auth data */
+ char encode[33], /* MD5 buffer */
+ digest[1024]; /* Digest auth data */
httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "realm", realm);
snprintf(buf, sizeof(buf), "%s@%s", service_name, fqdn);
+ DEBUG_printf(("cups_get_gss_creds: Looking up %s...\n", buf));
+
token.value = buf;
token.length = strlen(buf);
server_name = GSS_C_NO_NAME;
/*
- * End of "$Id: auth.c 6722 2007-07-25 17:19:09Z mike $".
+ * End of "$Id: auth.c 6779 2007-08-08 19:49:48Z mike $".
*/